Application Serial No.: 10/074,583 
Amendment and Response to November 29, 2005 Non-Final Office Action 

REMARKS 

Claims 1 - 24 are in the application. Claims 1 - 6, 9 - 13, 16 - 19, 21 , 22, and 24 
are currently amended; claims 7, 8, 14, 15, 20, and 23 remain unchanged from the 
original versions thereof; and claims 25 -28 are canceled. Claims 1, 22, and 24 are the 
independent claims herein. 

No new matter has been added to the application as a result of the amendments 
submitted herewith. Reconsideration and further examination are respectfully 
requested. 

Information Disclosure Statement 

The Office Action states that the information disclosure statements (I.D.S.s) filed 
on 1 1/20/03, 07/16/03 and 07/08/02 failed : to comply with the provisions of 37 CFR 
1.97, 1.08 and MPEP § 609 because the NPL literatures cited therein were not 
attached with the application. The Office Action further states that the date of any re- 
submission of any missing element of the subject I.D.S.s would be the date of 
submission for purposes of determining time of filing compliance under 37 CFR 1.97(e). 

Applicant respectfully submits that I.D.S. filed on 07/08/02 included a copy of all 
seven references listed therein (4 U.S. Patent Documents, 2 Foreign Patent 
Documents, and 1 NPL Document). Furthermore, Applicant received an USPTO OIPE 
date stamped (July 12, 2003) return receipt postcard that specifically lists an I.D.S. and 
"copies of 7 references". Similarly, the I.D.S. filed on 07/16/03 included a copy of the 
reference listed therein. Applicant also received an USPTO OIPE date stamped (July 
18, 2003) return receipt postcard that specifically lists an I.D.S. and "Form PTO-1449 

with 1 reference". Thus, the record clearly indicates that the USPTO OIPE 

y 

acknowledged receipt of the items specifically listed on the return postcard receipt. 

Accordingly, Applicant submits that the I.D.S.s filed on 07/08/02 and 07/16/03 
were properly filed with all of the necessary items to afford each the respective original 
filing date. The proper and complete filing of each I.D.S. is substantiated by the 
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USPTO OIPE date stamped postcard receipts. Copies of the USPTO OIPE date 
stamped receipts are included herewith. Additionally, Applicant includes a courtesy 
copy of the previously filed I.D.S.s and NPL documents. 

Therefore, Applicant requests that consideration of the NPL documents and that 
they be accorded the original filing date of the I.D.S.s. 

Applicant also submits that the I.D.S. mailed on 07/08/02 included a copy of the 
Written Opinion dated October 7, 2003 for a PCT application corresponding to the 
current application. However, a copy of an USPTO OIPE date stamped postcard 
receipt is not available (not filed by Applicant's present representative law firm). A copy 
of the Written Opinion dated October 7, 2003 is included herewith. 

Applicant requests that consideration of the Written Opinion dated October 7, 

2003. 

Oath/Declaration 

The Office requests a new oath or declaration because the pending application 
does include an oath or declaration that identifies the application to which the 
oath/declaration is to form a part, preferably by application number and filing date in the 
body of the oath or declaration. 

Applicant notes that a properly executed declaration was filed with the USPTO 
as part of a Response to Notice to File Missing Parts (NOMP) filed May 6, 2002. 
Applicant submits that the declaration executed and filed in the application does in fact 
identify the present application be both filing date (February 12, 2002) and application 
serial number (10/074,583 ). A copy of the executed Declaration and Power of Attorney 
filed May 6, 2003 is included herewith. Applicant also includes a copy of the USPTO 
OIPE date stamped postcard receipt that substantiates the Office received the 
executed declaration. 
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Specification 

The disclosure was objected to for including a number of informalities. 

The Office Action stated that the words "complex associations can be 
developed" cited in line 20 of page 6 of the specification should be corrected as: 
"complex associations can be developed". The specification is amended as suggested, 
as indicated in the "Amendments to the Specification" section hereinabove. 

The Office Action stated that the words "this information is correlates with a low 
scaled weighting" cited in line 23 of page 6 of the specification should be corrected as: 
"this information is correlated with a low scaled weighting". The specification is 
amended as suggested, as indicated in the "Amendments to the Specification" section 
hereinabove. 

Line 12 of page 7 of the specification previously associated "security level" with 
numeral 104. However, "security level" is associated with numeral 105 in Fig. 1. The 
specification is amended to agree with Fig. 1. 

Accordingly, Applicant requests the reconsideration and withdrawal of the 
objections to the specification. 

Claim Rejections - 35 USC S 101 

t , 

Claims 1-21 and 24 - 25 were rejected for allegedly claiming non-statutory 
subject matter under 35 USC 101. This rejection is respectfully traversed 

Claim 1 is currently amended to state, in relevant part to the rejection under 35 
USC 101, "processing, by a computer, the information received". Clearly, the claimed 
method is associated with hardware, namely a computer that processes the claimed 
received information. Claims 2-21 depend from claim 1 . Applicant respectfully 
submits that claims 1 -21 are directed to and claim statutory subject matter. 
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Accordingly, Applicant requests the reconsideration and withdrawal of the 
rejection of claims 1 -21 under 35 USC 101. 

Claim 24 is currently amended to recite, "[A] computer-readable medium having 
computer executable program instructions residing thereon, the computer-readable 
medium comprising: instructions to receive...; instructions to structure...; and 
instructions to calculate...". Applicant respectfully submits that the claimed computer- 
readable medium is patentable under 35 USC 101. 

Therefore, Applicant requests the reconsideration and withdrawal of the rejection 
of claims 1 -21 under 35 USC 101. 

Claim 25 is canceled. Accordingly, the rejection thereto is moot. 

Claim Objections 

Claim 27, now canceled, was objected to in the Office Action. Since claim 27 is 
canceled, the objection thereto is moot. 

Claim Rejections - 35 USC § 112 

Claims 11 and 12 were rejected for reciting "the suggested security measure" in 
line 1 without insufficient antecedent basis for such. In reply thereto, claims 11 and 12 
are currently amended to depend from claim 6. Claim 6 recites a suggested security 
measure. Applicant respectfully submits that there is sufficient antecedent basis for 
"the suggested security measure" recited in claims 11 and 12 in claim 6. 

Accordingly, Applicant requests the reconsideration and withdrawal of the 
rejection of claims 11 and 12 under 35 USC 112, 2 nd paragraph. 

Claim 13 was rejected under 35 USC 112, 2 nd paragraph for lacking proper 
antecedent basis. Claim 1 3 is currently amended to overcome this rejection by having 
claim 13 depend from claim 6. Applicant requests the reconsideration and withdrawal 
of the rejection of claim 13 under 35 USC 112, 2 nd paragraph. 
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Claims 22 - 23 and 26 - 28 were rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

Claim 22 is currently amended to correct the antecedent basis issue noted 
therein by the Office Action. Applicant submits that the currently amended claim 22 
overcomes the rejection of record under 35 USC 112, 2 nd paragraph. Additionally, 
claim 23 also overcomes the rejection of record under 35 USC 112, 2 nd paragraph since 
it depends from claim 22. 

Applicant requests the reconsideration and withdrawal of the rejection of claims 
22 and 23 13 under 35 USC 112, 2 nd paragraph. 

Claim 26 - 28 are now canceled, therefore, any rejections thereto are moot. 

Claim Rejections - 35 USC § 102(b) 

Claims 1-7 and 10-19 are rejected as being anticipated by Teller-Kanzler et al., 
EP 0999489 A2 (hereinafter, Teller-Kanzler). This rejection is respectfully traversed. 

Regarding claim 1, Applicant notes, that claim 1 relates a computer-implemented 
method for managing risk related to a security risk event that includes receiving 
information related to a particular security risk event . That is, the information received 
is related a particular or specific security risk event. 

Applicant submits that the previous claim 1 clearly recited receiving information 
related to a security risk event. However* Applicant clarifies by current amendment 
that the security event is a particular event. Thus, it should be clear that the security 
risk event does not relate a general state or condition of a system, location, or 
organization but instead is related to a particular event. 

Support for the current amendments of claim 1 may be found in the specification 
at least at page 2, lines 19-21 wherein it is disclosed, "[A] security risk level is 
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calculated using the structured information such that it is indicative of the magnitude of 
the consequences should a breach of security occur related to an event." 

Contrary to Applicant's claims, the cited and relied upon Teller-Kanzler discloses 
a method and system for evaluating information security that describes where an entity 
"stands with regard to threats and vulnerabilities to its information security at any point 
in time." (See Teller-Kanzler Abstract) That is, the disclosed system and method 
provided a mechanism for describing the general state of an entity with respect to 
threats. 

Furthermore, Teller-Kanzler does not disclose or suggest a method and system 
that includes receiving information related to a security risk event as claimed by 
Applicant. In particular, the Office Action's citation to and reliance on the disclosure pf 
step s6 of Fig. 6 and col. 3, lines 20 - 36 highlights that the Teller-Kanzler system and 
method "information is received about one or more security characteristics for the 
identified information security resource which is indicative of a pre-defined risk level for 
the information security of the entity and which also indicates a pre-defined level of 
readiness of the entity to deal with a risk to the information security of the entity." Thus, 
Teller-Kanzler clearly discloses receiving information related to information security 
resources that indicates a level of security readiness for an entity, not a security risk 
related to a particular security risk event . 

Therefore, Applicant respectfully submits that the cited and relied upon Teller- 
Kanzler fails to disclose or suggest that for which it is cited and relied upon for 
disclosing. As such, Applicant respectfully submits that Teller-Kanzler does not 
anticipate claim 1 under 35 USC 102(b). Claims 2-7 and 10-19 depend from claim 
1 . Applicant submits that claims 2-7 and 10 - 19 are also not anticipated by Teller- 
Kanzler under 35 USC 102(b) for at least depending from an allowable base claim. 

Therefore, Applicant respectfully requests the reconsideration of the rejection of 
claims 1-7 and 10-19 under 35 USC 102(b), and the allowance of same. 
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Claim Rejections - 35 USC § 102(e) 

Claims 1, 6, 8, 9, and 22 - 28 were rejected as being anticipated by U.S. 
Publication No. 2002/0188861 (hereinafter, Townsend). This rejection is respectfully 
traversed. 

Claims 25 - 28 are canceled. Therefore, any rejections related thereto are moot. 

Applicant respectfully submits that the cited and relied upon Townsend discloses 
a system and method to create a security model for an organization operating an 
application on a computer network to protect the application from attack by 
unauthorized sources. (See Townsend, paragraph [0010]) Furthermore, the Townsend 
method and system are related to a security measure for an information system, 
application, application assets, and associated information data bases (See Townsend, 
paragraphs [0003] - [001 0] and [0022]) 

The Office Action alleges that Townsend discloses a method including receiving 
information relating to a security risk by relying on process 100 of FIG. 1 . However, 
Townsend explicitly discloses, 

"information is gathered that describes the application assets and 
system architecture of the organization, details about daily operations, 
and the countermeasures employed at the time of assessment (state 
110). In one implementation, this information is obtained by using a 
questionnaire that is answered by personnel familiar with the 
organization's operations, although other mechanisms for obtaining the 
information may be used such as, for example, automated interrogation of 
computer configurations and networked security services. The 
questionnaire is tailored to solicit information consistent with the 
parameters identified above." (emphasis added) (See Townsend, 
paragraph [0024]) 

Thus, it is clear that the information received by the Townsend method is related 
to application assets, system architecture daily operations (i.e., business concerns) and 
countermeasures, not the claimed information relating to a particular security risk event. 
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Therefore, Applicant respectfully submits that the cited and relied upon 
Townsend fails to disclose or suggest that for which it is cited and relied upon for 
disclosing. As such, Applicant respectfully submits that Townsend does not anticipate 
claim 1 under 35 USC 102(b). Claims 6, 8, 9 depend from claim 1. Applicant submits 
that claims 6, 8, 9 are also not anticipated by Townsend under 35 USC 102(b) for at 
least depending from an allowable base claim. Applicant respectfully submits that 
Townsend does not anticipate claims 22 - 24 under 35 USC 102(b) for at least the 
same reasons as those discussed here in detail related to claim 1 . 

Therefore, Applicant respectfully requests the reconsideration of the rejection of 
claims 1-7 and 10-19 under 35 USC 102(b), and the allowance of same. 

Claim Rejections - 35 USC § 103(a)1 > 

Claims 20 - 21 were rejected as being unpatentable over Teller-Kanzler. This 
rejection is respectfully rejected. 

Claims 20 and 21 depend from claim 1 which Applicant has shown to be 
patentable over Teller-Kanzler under 35 USC 102(b). Inasmuch as Applicant has 
shown the Teller-Kanzler fails to disclose that for which it was cited and relied upon for 
disclosing, Applicant respectfully submits that claims 20 and 21 are not obvious over 
Teller-Kanzler under 103(a). 

Therefore, Applicant respectfully requests the reconsideration of the rejection of 
claims 20 and 21 under 35 USC 103(a), and the allowance of same. 
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CONCLUSION 

Accordingly, Applicants respectfully request allowance of the pending claims. If 
any issues remain, or if the Examiner has any further suggestions for expediting 
allowance of the present application, the Examiner is kindly invited to contact the 
undersigned via telephone at (203) 972-5985. 



May 1.2006 



Respectfully submitted, 



(LMCA 




Date Randolph P. Calhoune 

Registration No. 45,371 
Buckley, Maschoff & Talwalkar LLC 
Five Elm Street 
New Canaan, CT 06840 
(203) 972-5985 
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